I'm pretty sure I set up my IAM role appropriately (I literally attached the ComprehendFullAccess policy to the role) and the Cognito Pool was also set up appropriately (I know this because I'm also using Rekognition and it works with the IAM Role and Cognito ID Pool I created), and yet every time I try to send a request to AWS Comprehend I get the error:
Error Domain=com.amazonaws.AWSServiceErrorDomain Code=6 "(null)" UserInfo={__type=AccessDeniedException, Message=User: arn:aws:sts::<my sts>:assumed-role/Cognito_<my id pool name>Unauth_Role/CognitoIdentityCredentials is not authorized to perform: comprehend:DetectEntities}
Any idea of what I can do in this situation? I tried creating a new Cognito Pool and creating a custom IAM Role that literally only allows comprehend:DetectEntities and it still doesn't work.
There is currently a limitation on using the Cognito Enhanced flow with the Comprehend service. Please use the following constructor, where you specify the ARNs of the roles in your identity pool. This uses the basic flow for fetching credentials and works with Cognito.
    // identityProviderManager is required for federating an identity provider with Cognito
    AWSCognitoCredentialsProvider *credentialsProvider = [[AWSCognitoCredentialsProvider alloc]
        initWithRegionType:AWSRegionUSEast1
            identityPoolId:@"identityPoolId"
             unauthRoleArn:@"unauthRoleArn"
               authRoleArn:@"authRoleArn"
        identityProviderManager:nil];